CLAIMS

What is claimed is: 

1. A method for providing security, the method comprising the steps of:
establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
establishing an association between said one or more protection domains and one or more classes of one or more objects; and
determining whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.

2. The method of Claim 1, wherein:
at least one protection domain of said one or more protection domains is associated with a code identifier;
at least one class of said one or more classes is associated with said code identifier; and
the step of establishing an association between said one or more protection domains and said one or more classes of one or more objects further includes the step of associating said one or more protection domains and said one or more classes based on said code identifier.

3. The method of Claim 2, wherein said code identifier indicates a source of code used to define each class of said one or more classes.

4. The method of Claim 2, wherein said code identifier indicates a key associated with each class of said one or more classes.

5. The method of Claim 2, wherein said code identifier indicates a source of code used to define each class of said one or more classes and indicates a key associated with each class of said one or more classes.

6. The method of Claim 5, wherein the step of associating said one or more protection domains and said one or more classes based on said code identifier further includes associating said one or more protection domains and said one or more classes based on data persistently stored, wherein said data associates code identifiers with a set of one or more permissions.

7. A method of providing security, the method comprising the steps of:
establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
establishing an association between said one or more protection domains and one or more sources of code; and
in response to executing code making a request to perform an action, determining whether said request is permitted based on a source of said code making said request and said association between said one or more protection domains and said one or more sources of code.

8. The method of Claim 7, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code further includes establishing an association between said one or more protection domains and said one or more sources of code and one or more keys associated with said one or more sources of code.

9. The method of Claim 8, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code further includes establishing said association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code based on data persistently stored, wherein said data associates particular sources of code and particular keys with a set of one or more permissions.

10. A computer-readable medium carrying one or more sequences of one or more instructions, wherein the execution of the one or more sequences of the one or more instructions causes the one or more processors to perform the steps of:
establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
establishing an association between said one or more protection domains and one or more classes of one or more objects; and
determining whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.




11. The computer readable medium of Claim 10, wherein:
at least one protection domain of said one or more protection domains is associated with a code identifier;
at least one class of said one or more classes is associated with said code identifier; and
the step of establishing an association between said one or more protection domains and said one or more classes of one or more objects further includes the step of associating said one or more protection domains and



12. The computer readable medium of Claim 11, wherein said code identifier indicates a source of code used to define each class of said one or more

13. The computer readable medium of Claim 11, wherein said code identifier indicates a key associated with each class of said one or more classes.

14. The computer readable medium of Claim 11, wherein said code identifier indicates a source of code used to define each class of said one or more classes and indicates a key associated with each class of said one or more classes.

15. The computer readable medium of Claim 14, wherein the step of associating said one or more protection domains and said one or more classes based on said code identifier further includes associating said one or more protection domains and said one or more classes based on data persistently stored, wherein said data associates code identifiers with a set of one or more permissions.

16. A computer-readable medium carrying one or more sequences of one or more instructions, wherein the execution of the one or more sequences of the one or more instructions causes the one or more processors to perform the steps of:
establishing one or more protection domains, wherein a protection domain is associated with zero or more permissions;
establishing an association between said one or more protection domains and one or more sources of code; and
in response to executing code making a request to perform an action, determining whether said request is permitted based on a source of said code making said request and said association between said one or more protection domains and said one or more sources of code.

17. The computer readable medium of Claim 16, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code further includes establishing an association between said one or more protection domains and said one or more sources of code and one or more keys associated with said one or more sources of code.

18. The computer readable medium of Claim 17, wherein the step of establishing an association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code further includes establishing said association between said one or more protection domains and said one or more sources of code and said one or more keys associated with said one or more sources of code based on data persistently stored, wherein said data associates particular sources of code and particular keys with a set of one or more permissions.

19. A computer system comprising:
a processor;
a memory coupled to said processor;
one or more protection domains stored as objects in said memory, wherein each protection domain is associated with zero or more permissions;
a domain mapping object stored in said memory, said domain mapping object establishing an association between said one or more protection domains and one or more classes of one or more objects; and
said processor being configured to determine whether an action requested by a particular object is permitted based on said association between said one or more protection domains and said one or more classes.

20. The computer system of Claim 19, wherein:
at least one protection domain of said one or more protection domains is associated with a code identifier;
at least one class of said one or more classes is associated with said code identifier; and
said computer system further comprises said processor configured to establish an association between said one or more protection domains and said one or more classes of one or more objects by associating said one or more protection domains and said one or more classes based on said code identifier.

21. The computer system of Claim 20, wherein said code identifier indicates a source of code used to define each class of said one or more classes.

22. The computer system of Claim 20, wherein said code identifier indicates a key associated with each class of said one or more classes.

23. The computer system of Claim 20, wherein said code identifier indicates a source of code used to define each class of said one or more classes and indicates a key associated with each class of said one or more classes.

24. The computer system of claim 20, further comprising said processor configured to associate said one or more protection domains and said one or more classes based on said code identifier by associating said one or more protection domains and said one or more classes based on data persistently stored in said computer system, wherein said data associates code identifiers with a set of one or more permissions.